
CheungSSH Chinese automatic operation and maintenance fortress machine 3.0

2025-02-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

CheungSSHWeb3.0

Preface

Although not excellent, please give support and understanding

Under the general trend of Internet development, cloud computing and big data have become dominant. Under these two trends, the number of servers in enterprises is increasing day by day, and how to manage a large number of servers effectively has become a problem that major companies have to consider. With the traditional manual management mode it is difficult to achieve efficient maintenance: do people manage the servers, or do the servers manage the people?

In order to solve this problem, I am obsessed with the research of operation and maintenance automation. The CheungSSHWeb3.0 automated operation and maintenance system uses the Python language with the Django web framework on the back end and the Bootstrap + JavaScript + jQuery frameworks on the front end. The communication protocol is the SSH protocol of the Linux system, with no Agent, and automatic login is done through the Paramiko library. The system can basically meet the needs of daily automated operation and maintenance. The whole system is independently developed by me and does not use any third-party tools and interfaces.

Please point out the deficiencies in the design of the system, and thank you for your support and trust. If you encounter any problems in the process of use, or if you have any opinions and suggestions, you are welcome to communicate and learn with me.

XYZ. Log drawing (for demonstration purposes, for new users, please read from Chapter 1.1)

This function provides log drawing, but it is currently limited to the analysis of Apache/Nginx/Tomcat access_log logs. Other logs will be supported later.

XYZ.1 Upload log files locally

Please click

A prompt will appear. Once you are familiar with the system you do not need to click it: just drag and drop the website log from your PC directly into the web page:

In a moment, the date selection will pop up. You can select a date in the log file to view its statistics, such as (Nov. 11, 2016).

Note: the date selection above only offers dates that appear in the log file you uploaded; other dates are not displayed.

Now select a date and the system will draw the charts automatically. The items drawn are determined by CheungSSH; if you want more, you can contact the CheungSSH author to add a new function module. The following are the drawing results for each analysis point:
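One way to compute the per-date figures such charts need (available dates, traffic, 500 errors, share of 200 responses) from an access log. This is an added example, not CheungSSH code; it assumes the Apache/Nginx common or combined log format, and the function name daily_stats and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx common and combined formats share this prefix:
# host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Nov/2016:09:15:01 +0800] "GET / HTTP/1.1" 200 1024 "-" "curl/7.50"
192.0.2.11 - - [11/Nov/2016:09:15:07 +0800] "GET /api HTTP/1.1" 500 312 "-" "curl/7.50"
192.0.2.10 - - [11/Nov/2016:10:02:44 +0800] "GET /img.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.12 - - [11/Nov/2016:10:03:00 +0800] "GET /missing HTTP/1.1" 404 - "-" "Mozilla/5.0"
this line is truncated and must be skipped
192.0.2.13 - - [12/Nov/2016:00:00:05 +0800] "POST /login HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""


def daily_stats(lines):
    """Group access-log lines by calendar date and count what the charts need.

    Returns (stats, skipped): stats maps 'YYYY-MM-DD' to a dict of counters,
    skipped is the number of non-blank lines that could not be parsed.
    """
    raw = defaultdict(lambda: {"requests": 0, "bytes": 0, "status_200": 0,
                               "status_500": 0, "per_hour": defaultdict(int)})
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1
            continue
        try:
            # The date is taken in the time zone offset written in the log.
            stamp = datetime.strptime(match["time"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            skipped += 1
            continue
        day = raw[stamp.date().isoformat()]
        status = int(match["status"])
        day["requests"] += 1
        # A size of "-" means no response body was sent.
        day["bytes"] += 0 if match["size"] == "-" else int(match["size"])
        day["status_200"] += int(status == 200)
        day["status_500"] += int(status == 500)
        day["per_hour"][stamp.hour] += 1

    stats = {}
    for date, day in sorted(raw.items()):
        stats[date] = {
            "requests": day["requests"],
            "bytes": day["bytes"],
            "status_200": day["status_200"],
            "status_500": day["status_500"],
            "pct_200": round(100.0 * day["status_200"] / day["requests"], 1),
            "per_hour": dict(sorted(day["per_hour"].items())),
        }
    return stats, skipped


if __name__ == "__main__":
    result, bad = daily_stats(SAMPLE_LOG.splitlines())
    for date, day in result.items():
        print(date, day)
    print("unparseable lines:", bad)
```

The keys of the returned dictionary are exactly the dates a date picker could offer for this file.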

1.1 CheungSSH background

Cheungssh open source project

The whole of CheungSSH is independently developed by Zhang Qichuan. The back end uses the Python language and the Django web framework. The front end uses JavaScript, the jQuery script library, the Bootstrap template system and a div+css layout. The front end and back end communicate through a RESTful API interface. The shell version was first launched in 2014 and web2.0 in 2015, with more than 1000 users and followers. The latest version is now cheungssh web3.0, and both the front-end and back-end designer is Zhang Qichuan.

1.2 CheungSSH features

No Agent; it uses the SSH communication protocol of the Linux system, which has the highest degree of security.

Support for PC and mobile terminals

Support task flow scheduling

Support automatic asset collection

Support automatic check of host status

RestFul API

Web system

Custom log report

1.4 CheungSSH feature list

| Function | Description |
| --- | --- |
| Custom log drawing | Draws charts from Nginx and Apache log files; the plotted data include traffic trend, 500 errors, percentage of 200 responses, etc. |
| Create a server | Add a server to the system |
| Automatic check of host status | After a host is added to the system, the system checks whether the host is normal every 10 minutes by default. |
| System network topology | A topology diagram can be drawn automatically for each host. |
| Topology View Host Asset | Double-click a host in the topology to see all the resources of the host, such as CPU, status, port, and so on. |
| Batch command | In the web page, simulates SecureCRT, Xshell or Putty to operate multiple servers at the same time and execute commands; dynamic commands such as top and ping can be executed. |
| Batch life × × task | In the batch execution of commands, you can add the commands to be executed in batches to the scheduled tasks, and then execute them at a point in time. |
| Personal command history | On the batch command execution page, displays the first five entries of your command history, the same as Linux's history. |
| Batch file download | Download Linux server files in batches on the Web; the whole process is automatic. |
| Batch file upload | Upload files from your PC to each remote server; you can upload by dragging with the mouse. |
| Batch scheduled task display | Displays the list of scheduled tasks on each host. |
| Batch scheduled task add / delete / modify | Manipulate the scheduled task lists on remote servers in bulk. Entries can be deleted, modified or added. |
| Secret key management | If you have a Linux server that is logged in to through SSH-Key, you need to upload the key file and manage it here. |
| Batch script management | You can drag and upload scripts from your PC to each remote server and execute them with one click. |
| Command record | All command actions you perform on the web system are recorded, and the history can be checked here. |
| Operation record | Records the operations of the various functions on the web system, such as creating servers, executing commands, modifying scheduled tasks, and so on. |
| Login record | All users who log in to the control system are recorded. |
| Command blacklist | If you do not want the server to execute some special commands, such as rm, shutdown, init, etc., you can add these commands here. CheungSSH will block such operations for you. If you are a Super Admin account, the system will prompt you whether to force execution. If you are an ordinary user, the command is refused directly without a prompt. |
| Login threshold | The login security of the system: like a bank card that is locked after the password is entered wrongly too many times. Here the lock is by IP address; if the default setting of 5 times is exceeded, the IP address is locked and no account can log in through that IP, even with the correct account and password. |
| Remote file management | View the file contents of a remote server directly on the web without the cat, more or less commands. |
| Custom assets | Customize mobile phone entries, such as vendor mobile phone, CPU and memory information, etc. Divided into static and dynamic assets. |
| Asset display | Displays all the asset information. |
| Asset data drawing | Assets with historical data can be plotted on their own. At present, the default is a line chart. |
| Application management | Directly use the web interface to operate a Linux server, or custom programs such as tomcat and apache. |
| Bulk software installation & application deployment | Install software and deploy the code of tomcat, weblogic and other applications directly in cheungssh. |
| Batch Docker image management | Automatically collects docker images on remote hosts, and supports image addition and container creation. |
| Bulk Docker Container Management | Automatically collects docker containers on remote hosts, and supports deletion and startup of containers. |
| WebSSH | Log in to the SSH server directly on the web page. |

1.4 CheungSSH API interface list

The following is a breakdown of the costs and functions of each API

Function

Add Server

Network topology

Command history

Command execution

Regular execution of commands

Batch file upload

Batch file download

Create a scheduled task

Script execution

Script creation

New intercept command

Remote file / log view

Custom asset type

Asset information

Execute the application

Perform deployment tasks

Docker image download

Docker container creation

Docker container startup

Docker Container stop

1.4 CheungSSH contact information

QQ group: 517241115

1.2 CheungSSH installation mode

One-click installation

1.3 one-click installation

Conditions:

1. Internet access is required

The first step is to download the software package (it is recommended to download it from Open Source China, where the network speed of the domestic server is faster):

http://git.oschina.net/CheungSSH_OSC/CheungSSH

Step two

Extract the package, cd to the bin directory, and execute the installation script:

[root@CheungSSH bin]# sh install-cheungssh.sh

After the installation is finished, you can open the web page.

Step 3: visit the page

Access the IP address where you installed the CheungSSH system, with the port you specified during installation.

For example, the author's server address is:

http://192.168.1.1

After you enter it, the system automatically jumps to the login page. The default login user is cheungssh and the default login password is cheungssh223456.

Note: if you log in more than 5 times, the system will lock your IP address. In the future, even if you use the correct account password, you will not be able to log in to the system normally, and it will not be unlocked automatically until one day later. This is the security mechanism of CheungSSH. In the meantime, you can log in with a different IP address.

1.4 start the CheungSSH service

By default, CheungSSH starts with the system and needs no manual startup. If you want to intervene manually, run: service cheungssh start

2.1 Server configuration

Before using the CheungSSH automation system, you need to enter the information of your remote host in advance so that CheungSSH can automate the task for you. Otherwise, automatic execution is out of the question. The login methods supported by CheungSSH are SSH password login and SSH-Key login.

2.1.1 add a managed server individually

Finally, click Save.

The refresh icon above indicates that cheungssh is requesting the status of the server. If the server is in a normal state, the following icon is displayed:

3.1 Network topology

So far, you have added server information through the server configuration and selected the node to which the host is connected, so you can now see the following topology:

2.2.1 add a topology node

Up to now, you have only seen the topology diagram of your Linux server and CheungSSH automation system, but this is certainly not enough. For example, in your network, in addition to Linux servers, there are also network devices such as routers, switches, firewalls, and so on. Of course, these devices are not managed by CheungSSH, and CheungSSH does not manage these devices. However, you can add nodes to the network topology by creating them.

After saving, you will see the following list:

At this point, you refresh the web page, then navigate to "Topology layout", and you can see that the topology has changed.

Then, you add a server to the system again, and select the connection node of the server as the "SDN router" you just created. After saving, you can see that the server is connected to the SDN routing node.

Refresh the page again to see the network topology:

3.2 Save the topology layout

By default, the system uses an adaptive layout. This is a random algorithm, so the layout of the network topology will not be the same each time you open it. If you find the automatic layout inconvenient to observe, you can drag the devices into a layout of your own, such as this:

However, when you refresh the page again and open the layout, the layout of the page will return to the original layout, and the system will not save the layout for you. You need to click the "Save layout" button in the upper left corner to save it, so that the next time you open it, the network topology layout will be the same as last time.

3.2 execute device properties (double-click to enter the terminal)

For ease of use, the author has made it possible to double-click a network device icon to enter an interactive command terminal, where you can execute interactive commands such as cd, top and ping. Some interactive commands, such as vim, are still not supported.

You can double-click the device icon, or right-click to open the terminal:

Execute a command, for example ping www.baidu.com:

If you want to exit the terminal, you can use exit or logout (these are Linux system commands), or you can directly close the terminal interface.

Note: in this terminal you can run cd, ping, top and other commands, but commands such as vim and crontab are not supported. If you want to open a file as you would with vim, please use the file management function.

In addition, only servers have the [terminal] and [asset management] functions here; non-servers such as firewalls and routers do not.

3.2.2 assets belong to × × ×

In the current development, the ability to click the topology icon to open the asset is not supported. If you need such a function, you can customize the development.

4.1 Command execution

This function, like Xshell, SecureCRT and Putty, can send system commands in batches for Linux servers to execute.

4.1.1 Select the server on which you want to execute the command

By default, the system has selected all hosts, so if you want to execute commands for some hosts, please select the server to execute first.

Press enter, and you will see the progress bar for execution in a moment, indicating the percentage of execution completed:

During execution, the results executed by the target server are continuously returned on the web:

5.1 File upload

File upload refers to the batch upload of files on your current PC computer to a remote server, where you can easily upload by dragging with the touch of the mouse.

As a first step, you should select the server to upload:

Once selected, click OK, and then go to the next page.

5.1.1 File upload-Quick upload

Click [Fast], which means fast and simple steps.

In the input above, enter the directory on the remote server to which you want to transfer your files. For example, if you select 10 servers and the destination path is the same on all 10, you can click "Quick" here. If the paths are not all the same on your 10 servers, you must select Advanced; this choice only distinguishes the paths. The following shows the [fast] way.

After the upload is completed, you can see the upload results of each server. On the right, red and green indicate failure and success, respectively. If you fail, you can click the red tab, which will show the reason for the failure:

5.1.2 File upload-Advanced upload

That is, if the paths on 3 of the 10 servers to which you want to upload files are not the same, you can use this function to set a different path for each.

Now, click "Advanced" to upload:

Click the start button to start uploading

5.2 File download

For file download the author's design is more advanced: if the download goes smoothly, you only need to click the mouse twice and all the remote files will be downloaded automatically to your PC.

First, choose which servers to download files from:

Now that you have selected the server, select the path to the remote server:

Instructions for [Advanced] and [Quick]

[Advanced] option: for example, if you want to download files from 10 servers but the paths of these files are not all the same, you can specify them through this option. After you have specified them, you need to start the download manually.

[Quick] option: for example, if you want to download files from 10 servers and the paths are the same on all of them, you only need to enter the path here and the CheungSSH system will download it for you with one click; the steps are more concise.

If some servers fail during the download, CheungSSH pops up a prompt telling you that there was a partial failure. You can then click "download" to confirm, and the downloaded files are saved to your PC:

If you want to continue with other download tasks, please re-select the Server and start.

6.1 schedule tasks

Add scheduled tasks:

After it is added, run the following on the remote server [dockerA] to check whether the addition was successful:

crontab -l

7.1 upload key

In all the file upload functions of CheungSSH, they are uploaded by drag-and-drop.

Of course, I just put a few files on the demo line above, never mind the file name. At this point, if you have a server logged in through SSH-Key, you can make the following choices in the server configuration:

8.1 upload script

In cheungssh you can also execute scripts, and there are two ways to create them. Chinese display and Chinese script names are supported.

The first is to upload a script file from your PC; as before, just drag it in:

In the second upload method, you can directly click "+" to write the script content on the web page:

Enter the script name:

Start writing to the script:

When it is finished, click the "Update" button.

8.2 View the contents of the script

To view the contents of the script, just click:

8.3 execute script

To execute the script, please click

After clicking the next step, you can enter the script parameters. You may also leave them empty and just go to the next step:

Now, click "next" to start initializing the script:

Now I manually click the "execute" button and wait for the result of the script execution:

The following is the result of the script execution:

Note: every time you click to open a script execution process, if you need to execute again, be sure to close the current execution window and click execute again.

9.1 Command record

In the Command execution function, all command execution records are recorded here.

An explanation of [status]:

Indicates that the command executed correctly, that is, echo $? is 0

Indicates that the command may have failed, or that there may be a problem with the server

Indicates that the command is still executing and has not finished, for example a long-running command such as ping or top

For the above three states, if you want to view the details, you can click it directly, and then view the details, as follows:

9.2 Operation record

In the CheungSSH system, all visits, such as executing commands, adding host configurations, deleting resources, and so on, are recorded here.

You can click to view the detailed requests for user operations, such as the added server, IP, password, and so on.

9.3 Login record

All users who have logged in to the CheungSSH system have records of when and where they logged in.

10.1 command blacklist

In traditional SecureCRT, Putty and Xshell clients, any command can be executed (unless Linux permissions are restricted), so there are often security risks: for example, root mistakenly executes shutdown, init, rm or another high-risk command, nothing intercepts it, and the system crashes. CheungSSH handles this situation: you can add the commands that you think must not be executed to the system, and if a user then tries to execute one of them through this system, it is intercepted and refused.

Add a command to the blacklist, such as uptime

In this way, if the "uptime" command is executed in batch commands, it will be intercepted instead of being executed:

As shown above, the author took into account when developing the software that a super administrator can still execute any command, but has to confirm the execution. An ordinary user who is not a super administrator is not asked whether to force execution at all; the command is simply refused!

Note: the Super Admin is prompted whether to force execution, while an ordinary user gets no prompt and is rejected directly.
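The decision described above (allow, ask the Super Admin to confirm, refuse the ordinary user), as an added example that is not CheungSSH's own code. The names Decision, command_names and check_command and the WRAPPERS set are assumptions made for illustration; the gate matches on the program name of every part of a command line and treats a line it cannot parse as blocked.

```python
import os
import re
import shlex
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"      # run the command
    CONFIRM = "confirm"  # Super Admin: ask whether to force execution
    DENY = "deny"        # ordinary user: refuse without a prompt


# Example blacklist built from the commands the page names.
BLACKLIST = frozenset({"rm", "shutdown", "init"})
# Assumption: programs that run another program passed as an argument.
WRAPPERS = frozenset({"sudo", "env", "nohup", "time", "xargs"})
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
PUNCTUATION = set("();<>|&")
UNPARSEABLE = "<unparseable>"


def command_names(command_line):
    """Return the program names a shell command line would start.

    Raises ValueError when the line cannot be tokenized (unbalanced quotes).
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    names = []
    state = "command"   # "command": next word is a program name
    skip_next = False   # True right after a redirection operator
    for token in lexer:
        if token and set(token) <= PUNCTUATION:
            if "<" in token or ">" in token:
                skip_next = True           # the next word is a file name
            else:
                state, skip_next = "command", False   # ; | && || ( ) &
            continue
        if skip_next:
            skip_next = False
            continue
        if state == "args":
            continue                       # plain argument, not a program
        if state == "command" and ASSIGNMENT.match(token):
            continue                       # VAR=value prefix
        name = os.path.basename(token)     # /sbin/shutdown -> shutdown
        names.append(name)
        if state == "command":
            # After a wrapper every following word is treated as a possible
            # program name: over-blocking is preferred to missing one.
            state = "wrapped" if name in WRAPPERS else "args"
    return names


def check_command(command_line, is_super_admin, blacklist=BLACKLIST):
    """Return (Decision, matched names) for one command line."""
    try:
        hits = sorted(set(command_names(command_line)) & set(blacklist))
    except ValueError:
        hits = [UNPARSEABLE]               # fail closed
    if not hits:
        return Decision.ALLOW, []
    return (Decision.CONFIRM if is_super_admin else Decision.DENY), hits


if __name__ == "__main__":
    # Constructed sample command lines.
    for line in ("ls -l | grep init.d",
                 "cd /tmp && /sbin/shutdown -h now",
                 "sudo -u root rm -rf /data",
                 "echo 'rm is dangerous' > /tmp/note"):
        print(line, "->", check_command(line, is_super_admin=False))
```

A name-based gate only sees commands sent through the web system in a form it can parse; restricting the Linux permissions of the login account, which the page mentions, remains the control on the host itself.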

10.2 Login threshold

For login security, when CheungSSH verifies login, if an IP logs in more than 5 times in a row, the CheungSSH system will reject all logins for that IP, regardless of whether the password is correct or not, just like a bank card.

Set the login threshold:

Note: if your IP is unfortunately locked by the system, please log in again with a new IP. You can unlock the IP after logging in.

10.3 unlock IP

Delete the IP from the list so that it can log in.
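The lock and unlock behaviour of sections 10.2 and 10.3, as an added example that is not CheungSSH's own code. The class name LoginThreshold is hypothetical, and counting consecutive failed attempts (reset by a successful login) is an assumption; the limit of 5 and the one-day lock are the values the page states.

```python
import time


class LoginThreshold:
    """Per-IP login lock: more than max_attempts failures locks the IP."""

    def __init__(self, max_attempts=5, lock_seconds=24 * 3600, clock=time.time):
        self.max_attempts = max_attempts
        self.lock_seconds = lock_seconds
        self._clock = clock            # injectable so the lock can be tested
        self._failures = {}            # ip -> consecutive failed attempts
        self._locked_until = {}        # ip -> timestamp when the lock ends

    def is_locked(self, ip):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:     # lock expired: unlock automatically
            self.unlock(ip)
            return False
        return True

    def unlock(self, ip):
        """Manual unlock, the equivalent of deleting the IP from the list."""
        self._locked_until.pop(ip, None)
        self._failures.pop(ip, None)

    def attempt(self, ip, password_ok):
        """Record one login attempt and return True if the login may proceed."""
        if self.is_locked(ip):
            return False               # rejected even with a correct password
        if password_ok:
            self._failures.pop(ip, None)
            return True
        count = self._failures.get(ip, 0) + 1
        self._failures[ip] = count
        if count > self.max_attempts:
            self._locked_until[ip] = self._clock() + self.lock_seconds
        return False


if __name__ == "__main__":
    gate = LoginThreshold()
    ip = "203.0.113.7"                 # constructed documentation address
    for _ in range(6):
        gate.attempt(ip, password_ok=False)
    print("locked:", gate.is_locked(ip))
    print("correct password while locked:", gate.attempt(ip, password_ok=True))
```

Because the key is the client IP, every account behind the same address shares one counter, and a login from a different address is unaffected.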

12.1 remote files

The author's original intention is to let everyone open a web page and view the contents of Linux files instead of using cat, vim, more and other commands, which is too cumbersome for ordinary R&D or finance staff: they may well not know these commands, and they would also need Linux passwords and so on. With this function you can even use the browser of an iPhone or a SAMSUNG, HUAWEI or other mobile phone to view the contents of a file directly, whether it is a plain file or a log, as long as the file exists on the system.

First, you need to add an entry for what path file you want to view on what server:

Once you have saved it, you can see the following entries:

Now you can click to view the contents of the file "/etc/passwd" on the server "my Docker Test":

Note: the server can be selected here because this server has been added in the "Host configuration" function.

13.1 Custom assets

Why are there custom assets? When designing the system, the CheungSSH author only added a token set of asset elements to collect, such as disk, CPU and memory, but these often do not match the needs of every user. For example, you may need to collect the number of connections to Tomcat, the number of online users, or something else. So, to make your experience better, the CheungSSH author has added the "Custom assets" feature: you define a command yourself. For example, to count the number of connections in Tomcat you scan the contents of a file and do various calculations; for the system, that is one command. You therefore only need to add the command that produces your statistic, which is the custom asset feature. The system then obtains a number from it and records it in the system.

Tip: this function has been updated in CheungSSH 3.3. Please consult the author about modifying the background file for the latest usage.

Note: the backend of the CheungSSH system automatically collects assets. The interval is 30 minutes. You can also modify it yourself.

13.2 Asset Information

The above describes custom assets, of course. Whether or not you need to define custom assets, the system will automatically collect data every 30 minutes, and the collected data will be displayed here. So where did the collected servers come from? Of course, when you enter the account password and other information of the host in [Host configuration], the CheungSSH system collects it for you by default.

Note: on a server where assets are collected, the account must have root permission or sudo/su permission, otherwise collection fails, because some information cannot be collected without a root account. As for why, I think you should understand this. In addition, if you find that the collection time is not recent, it is likely that there is something wrong with the collected server, such as an incorrect account password, a network failure, and so on.

13.2.1 History of each asset

On the first assets page, you see the most recent statistics for each asset. If you want to open an asset's historical statistics, click its hostname, and then go to another page:

13.2.2 View asset line charts of numeric types:

If you click on an item of numeric type, you can go to the following page:

Note: historical asset data points. The default is up to 50.

14.1 Application Management

Remember your usual commands like service httpd start and service sshd stop? These start and stop services. To let R&D staff and others operate services quickly, the author of CheungSSH has developed a simple application management function here. You can add the commands above and then execute them at the click of a button. Isn't that much more convenient?

Option explanation:

[server] the server on which you want to execute this command

[application name] a name you give this application

[check command] the default is echo $?. For example, when you start Tomcat you may need to check the web page to decide whether it worked, so you can enter your own command here. Success or failure is determined by whether echo $? returns 0 after the command has been executed

[home user] which user can operate it; of course, the Super Admin is unlimited.

Then click on the action bar to execute the command. Do not misunderstand the action button as meaning "start"; it means execute the command of the application.

After the implementation, let's take a look at the results:

15.1 Application and software deployment

First of all, this function covers not only application deployment but also software installation. It is equivalent to a general YML function for a piece of software: you define the steps to carry out. So whether you are putting a Tomcat application code update online, installing Apache software, or doing some other operation, it can be completed here.

I wonder whether you have ever put a Tomcat code update online, installed Apache, MySQL or other software, or backed up a DB. Operations like these are often not completed by one command but by several, and sometimes you need to check whether the last command succeeded; if it failed, the operation has to be terminated immediately and rolled back. For operations like this, CheungSSH is the perfect solution!

First of all, assume the first actual case here, such as the Apache software installation. Now, take a rough look at the preparation conditions and process for installing the software.

Apache automatic installation instance

Prepare the software package

One copy of http-2.4.25.tar.gz

One copy of the httpd.conf configuration

Assume there are no dependencies and the gcc compilation environment is installed (yum install -y gcc* in case there is no gcc)

The server on which the task is performed

The quantity can be customized and can be more than one (grayscale publishing mode, that is, service-by-service execution)

Operation command steps (each step must succeed, otherwise the task is terminated)

1. Upload the software package http-2.4.25.tar.gz from your PC to the CheungSSH server (of course, you first have to download this software from the Internet to your PC)

2. Upload the http-2.4.25.tar.gz package from the CheungSSH server to the server where the software is installed

3. On the CheungSSH server, extract that package

4. On the CheungSSH server, go to the directory of the unzipped package and execute the ./config program to start the installation

5. make && make install

6. Move the prepared configuration file httpd.conf to the specified location

7. Execute the startup command

8. Complete

Note: the author is only to demonstrate how to use it. You do not need to install apache according to the author's steps. Please be sure to decide your installation process according to your current server environment.

Installation flow chart

Note: the above is just an example of the author's own installation of Apache. It doesn't matter if your installation steps are different, you can define it yourself. I'm just here for a demonstration.

Now, start creating the task:

Click add step Task

Now, you can see that a server appears on the page, and there is the first step, so choose a server first, what do you mean? Just select a server and perform the steps I combed above on that server.

Click the underline next to "Server", then pop up the server selection interface and select a server.

Note: only one server can be selected in the check box, not more than one. If you want to select more than one, you need to add multiple server steps.

Now that you have selected a server, you should set a process diagram for the server to perform the task (sort out the process)

As you can see, it is divided into servers, and there are N steps in each server. After performing the N steps of one server, continue to execute the N steps of the next server until all the server steps are completed. Why is it designed in this way? Just consider that your set of business servers, such as Tomcat, are not installed in exactly the same directory. The CheungSSH author is just for you to use flexibly. Of course, this also brings a problem, if there are 100 servers to operate, then you have to add 100 servers. This is cumbersome and will be upgraded later, adding a button to copy steps and a button to adjust the order of steps.

Note: if any one of the steps fails during the execution, the execution of the subsequent steps will be terminated for the sake of security.
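The execution model described here (servers handled one after another, N steps each, everything after the first failure terminated) together with the [check command] rule from Application Management, as an added example that is not CheungSSH's own code. Step, run_local and run_task are hypothetical names, the stand-in executor runs commands in a local shell instead of over SSH, and letting a supplied check command decide success is an assumption.

```python
import subprocess
from typing import NamedTuple, Optional


class Step(NamedTuple):
    command: str
    check: Optional[str] = None   # None: judge by the command's own exit status


def run_local(server, command):
    """Stand-in executor: run the command in a local shell, return $?.

    A real system would run it on `server` over SSH; the server name is
    ignored here so the example works offline.
    """
    done = subprocess.run(command, shell=True,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode


def run_task(plan, executor=run_local):
    """Run every server's steps in order and stop at the first failure.

    plan is a list of (server, [Step, ...]). Returns (status, report) where
    report holds one (server, step number, state, exit code) tuple per step.
    """
    report = []
    failed = False
    for server, steps in plan:
        for number, step in enumerate(steps, start=1):
            if failed:
                # A previous step failed: nothing further is executed.
                report.append((server, number, "skipped", None))
                continue
            code = executor(server, step.command)
            if step.check is not None:
                # Assumption: when a check command is given, its exit status
                # decides whether the step succeeded.
                code = executor(server, step.check)
            if code == 0:
                report.append((server, number, "ok", code))
            else:
                report.append((server, number, "failed", code))
                failed = True
    return ("failed" if failed else "success"), report


# Constructed plan: harmless commands standing in for the real steps.
SAMPLE_PLAN = [
    ("web-1", [Step("true"),      # stands for: upload and extract the package
               Step("exit 3"),    # stands for: a configure step that fails
               Step("true")]),    # stands for: make && make install
    ("web-2", [Step("true")]),    # never reached after the failure on web-1
]

if __name__ == "__main__":
    status, report = run_task(SAMPLE_PLAN)
    print(status)
    for row in report:
        print(row)
```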

Let's follow the steps above to create one by one:

The first step is to upload the software package http-2.4.25.tar.gz from your PC to the CheungSSH server (the software has been downloaded beforehand). You can drag the file directly to the web page and upload it directly.

The second step is to upload the software to the remote "my Docker Test" server on the CheungSSH system (that is, the same as our commonly used scp command).

Take a look at the effect of the first step after creation:

The third step is to extract the previously uploaded httpd file (of course, the task hasn't started yet, it's just written in advance)

In addition, if you want to delete a step, you can click the "Delete" button, as shown in the figure. The blackened part is the part to be deleted (of course, for demonstration purposes, it will not be deleted):

The fourth step is to start compiling Apache (as for the compilation command, depending on your personal needs, the author makes it easy to demonstrate here)

Step 5: run make and make install

Step 6: upload the prepared httpd.conf configuration file (also drag and upload)

Step 7 upload the httpd.conf file from cheungssh to the remote server

Step 8 execute the startup command of apache (apachectl start)

Step 9 if you have N servers, please cycle through the above step process.

Now, please click Save this task.

Now that the task has been created, you can click to execute the task. Please click as shown in the figure

Functional explanation of [details]:

This function refers to the function that can check the status of the task before, during and after the execution of the task. It will not start the task, but only look at the status of the task.

Functional explanation of [startup]:

This function is used to start the task. After starting the task, you can wait for the task to be executed online, of course, you can close the web page, then come back and reopen the web page later, and check the execution status of the task through the [details] function. This function is executed in the background, so you don't have to worry about whether the page is closed.

Now, we want to start this task, please click to start it.

There is something wrong with it, you can click on it to see what the details are:

See the error message, because of the APR problem, we will not continue to solve this dependency problem here. I think I have accomplished the purpose of the demonstration.

Finally, when you return to the main page, you can see that the status of the task has been marked as failed:

16.1 Docker image self-discovery

If you add a host using root Super Admin in Host configuration, and there is a docker image in the host, the CheungSSH system will automatically discover the list and display it on the web page.

The interval of automatic discovery is 30 minutes. On this page, you can operate the docker image function on your own.
